Slow Forums: PF Under DDOS Attack

  • Thread starter Borek
In summary: I'm not getting the 503 errors I was getting last night. It's Tuesday morning, March 6th, about 7:30 am EST. In summary, the Physics Forums website has been experiencing slow loading times and errors, particularly the "MySQL server has gone away" error. This is attributed to a DOS attack that occurred on March 5th and is still ongoing. The site moderators are working on fixing the issue and have contacted their data center for assistance. The attack is believed to be from a disgruntled individual or group, and the site is currently being monitored for any further attacks. The site's speed has improved since last night, but it is not yet back to
  • #36


Greg Bernhardt said:
finally got the big boys to help out, let me know if there are changes in performance

Grrr.. I just lost this post after time out, hunt them Greg, show no mercy !

6:22 am EST.

Rhody...
 
  • #37


rhody said:
Grrr.. I just lost this post after time out, hunt them Greg, show no mercy !

6:22 am EST.

Rhody...

It's a good habit to hit <ctrl A> and <ctrl C> (windows) before clicking 'post reply'.

then when disaster strikes <ctrl V> does the trick, unstriking.
 
  • #38


Andre said:
It's a good habit to hit <ctrl A> and <ctrl C> (windows) before clicking 'post reply'.

then when disaster strikes <ctrl V> does the trick, unstriking.

Yeah I do that in a hurry if I notice site problems. I learned this the hard way from another forum, though.

Anyway, from my perspective, the site is not yet back to normal but it is functional.
 
  • #39


lurky said:
Yeah I do that in a hurry if I notice site problems. I learned this the hard way from another forum, though.

Anyway, from my perspective, the site is not yet back to normal but it is functional.

When posting large posts, I go into gmail, and paste and save it as a draft. Have been burned many times before. I should have known better this am, but because response wasn't bad when getting into post, I assumed, wrongly, that the problem was fixed.
Live and learn I guess.

Rhody...
 
  • #40


PF has never been this slow for me. Any page (of PF) rarely loads and it gets stuck on 'waiting for physicsforums.com'
 
  • #41


A couple of hours ago it seemed much better, on and off that is. Apparently the cyber attack has been resumed.
 
  • #42


I guess. It's horribly slow.
 
  • #43


Seriously though, what has this forum ever done to anybody?
 
  • #44


G01 said:
Seriously though, what has this forum ever done to anybody?

if only it worked that way :) PF is big enough now that it's a target for any reason.
 
  • #45


G01 said:
Seriously though, what has this forum ever done to anybody?

Yeah, this is getting ridiculous. What kind of total loser would attack PF?
 
  • #46


Greg Bernhardt said:
if only it worked that way :) PF is big enough now that it's a target for any reason.

But what for? Why would a bunch of geeks attack a bunch of nerds? It’s like running a protection racket against bums. What are they going to pay you with? Dirty socks? It makes no sense I tells ya. :-p
 
  • #47


This has escalated into a very serious attack. I appreciate everyone's patience!
 
  • #48


Greg Bernhardt said:
This has escalated into a very serious attack. I appreciate everyone's patience!

Until the US gets SERIOUS about forming a task force (Homeland Security, Dept of Commerce, etc...) to identify, and take out these miscreants, this will continue.

People will continue their bad behavior unabated, until a little emotion known as fear takes over. Fear from the example of the newly formed task force's ability to identify, arrest, detain, and deport said troublemakers. Once they (the bad guys) figure out the stakes just got exceedingly high, many, if not most will change their habits. What will remain are the insane, mentally ill and terrorist types. It is in every civilized country's interest to participate, and the US could lead the way. Enough ranting, there, I feel better, well, just a little.

Rhody...
 
  • #49


AHHHHHH this is crazy!

Are you sure it's really a DOS and not some other server problem? How can you tell the difference?
 
  • #51


Did you recently suspend or ban any users?
 
  • #53


Greg Bernhardt said:
we do every day

That might be a good place to begin looking for suspects.
 
  • #54


Greg Bernhardt said:
we were attacked this morning/afternoon. the firewall is still catching up, so things might still be a little slow for a bit

Was this an attack on PF itself, or its bandwidth provider? It seems... odd to attack a forum with a sledgehammer when a knife would do the job (nothing personal).

I'm familiar however, with being hosted by a company that makes the mistake of hosting some IRC channel or network, or a similar target; it gets DDOS'ed, and everyone hosted suffers.

@Ladykrimson: someone would need a botnet ready to do this, and be willing to use it up too. I've been pissed at PF before, but this is... stupid and bizarre.

edit: I'd add... it's not exactly effective, so maybe it's some exceptionally incompetent script kiddy? Who the hell can't DDOS a website anyway? I'm annoyed and disgusted.
 
  • #55


For what it is worth:

http://www.buzzle.com/articles/free-ddos-detection-and-mitigation-tools-for-linux-servers.html
By David Foreman
Published: 2/11/2011

From his supplied link:

David Foreman
University Of Pennsylvania graduate in 1985. Self employed real estate investor for 10 years. Now owner of Foreman and Pike Consulting, an Internet Marketing Firm.

Rhody...

P.S. Wouldn't it be cool if traceroute en route of the responsible party(s) computer(s) were possible and to send them a little PF present of our own.
 
  • #56


nismaratwork said:
Was this an attack on PF itself, or its bandwidth provider? It seems... odd to attack a forum with a sledgehammer when a knife would do the job (nothing personal).

I'm familiar however, with being hosted by a company that makes the mistake of hosting some IRC channel or network, or a similar target; it gets DDOS'ed, and everyone hosted suffers.

They are targeting PF's IP addy. We are on a dedicated server.
 
  • #57


rhody said:
For what it is worth:

http://www.buzzle.com/articles/free-ddos-detection-and-mitigation-tools-for-linux-servers.html

Thanks rhody. We are doing everything we can on the server and the firewall is blocking everything, but there will still be performance issues as the traffic, although blocked, is still hitting the server. We need measures to be taken further up the network chain.
 
  • #58


Greg Bernhardt said:
They are targeting PF's IP addy. We are on a dedicated server.

Damn it... that's just stupid and cruel.

In my experience, there are limited ways to respond to a DOS attack:

1.) Report to authorities
2.) If you have a set number of attackers, block traffic from those subnets.
3.) Notify people and entities whose computers have been compromised
---- From here, this is speculation, hypothetical, and not an endorsement ----
4.) Compromise the botnet and sniff incoming packets directing the bots
-Backtrace... a putz like this isn't going to be on a decent network of BNCs
-Leave a message, or disable controller
4.2) Compromise the botnet, use tools from packetstorm security, and turn it on the attacker
5.) Identify. Juno.
6.) If in a country outside of reasonable jurisdiction, identify critical resources affiliated with the botnet owner and attack them.
7.) Compromise the botnet, then shut it down without malicious means (change passwords, update, etc)
7.) Compromise with a worm.
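
Item 2 in the post above (blocking traffic from the attackers' subnets), as an added example that is not part of the original thread: a short Python sketch that groups request sources by /24 and lists candidate blocks, narrowing to a single address when only one host in the subnet is noisy. The sample requests, the 50-hit threshold and the function names are constructed for illustration, and IPv4 input is assumed.

```python
import ipaddress
from collections import Counter

# Constructed sample (documentation address ranges, not real traffic):
# (source IP, request path) pairs as they might be pulled from an access log.
SAMPLE_REQUESTS = (
    [("198.51.100.%d" % i, "/index.php") for i in range(1, 41)] * 5  # 40 hosts, 200 hits
    + [("203.0.113.7", "/index.php")] * 60                             # 1 host, 60 hits
    + [("192.0.2.10", "/showthread.php"), ("192.0.2.44", "/forumdisplay.php")]
)


def subnet_of(ip, prefix=24):
    """Return the enclosing network of an address at the given prefix length."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def candidate_blocks(requests, prefix=24, min_hits=50):
    """List (network, hits, distinct_hosts) for subnets at or above min_hits.

    A subnet whose traffic comes from a single host is narrowed to a /32,
    so ordinary users in the same range are not blocked along with it.
    """
    hits = Counter()
    hosts = {}
    for ip, _path in requests:
        net = subnet_of(ip, prefix)
        hits[net] += 1
        hosts.setdefault(net, set()).add(ip)

    blocks = []
    for net, count in hits.most_common():
        if count < min_hits:
            continue  # normal visitor volume, leave it alone
        distinct = hosts[net]
        if len(distinct) == 1:
            target = ipaddress.ip_network(next(iter(distinct)) + "/32")
        else:
            target = net
        blocks.append((str(target), count, len(distinct)))
    return blocks


if __name__ == "__main__":
    for network, count, n_hosts in candidate_blocks(SAMPLE_REQUESTS):
        print(f"{network:20} hits={count:4} hosts={n_hosts}")
```

The resulting list is input for a firewall or upstream filter rule; as noted elsewhere in the thread, traffic dropped on the server itself still consumes its bandwidth.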
 
  • #60


caffenta said:
But what for? Why would a bunch of geeks attack a bunch of nerds? It’s like running a protection racket against bums. What are they going to pay you with? Dirty socks? It makes no sense I tells ya. :-p

Apparently, these particular geeks don't appreciate open platform discussions about some things.

Greg, have you contacted the FBI, or the RCMP? Don't know whether your server is in the U.S. or Canada. Regardless, any sustained attack like this violates some key U.S. laws of the kind the FBI takes interest. I'm also aware of certain edge (as in U.S. electronic border) tracking stations which record anything bound for any IP in the U.S. If it's routed, it can be tracked back to at least the station immediately prior. On the other hand, if it's a DDoS attack originating from virii/trojans/worms within the U.S., a call to Symantec and a couple other leading antivirus manufacturers might prove helpful. Might be helpful if it's a DDoS from the outside, as well.
 
  • #61


mugaliens said:
Greg, have you contacted the FBI, or the RCMP?

I'm not sure they'd care. DoS attacks are quite common.

To make this day even worse, the FedEx man just put a package under my door handle effectively locking me in. I seriously can't get out of my apartment now. I may have to jump off my 2nd floor balcony.
 
  • #62


mugaliens said:
Apparently, these particular geeks don't appreciate open platform discussions about some things.

Greg, have you contacted the FBI, or the RCMP? Don't know whether your server is in the U.S. or Canada. Regardless, any sustained attack like this violates some key U.S. laws of the kind the FBI takes interest. I'm also aware of certain edge (as in U.S. electronic border) tracking stations which record anything bound for any IP in the U.S. If it's routed, it can be tracked back to at least the station immediately prior. On the other hand, if it's a DDoS attack originating from virii/trojans/worms within the U.S., a call to Symantec and a couple other leading antivirus manufacturers might prove helpful. Might be helpful if it's a DDoS from the outside, as well.

In my experience, if this is a sustained attack by a "pro", it's going to originate outside of the west, and beyond any kind of meaningful enforcement. Each bot might be anywhere, but not the controller of the network... still, contacting authorities is the right move... it just won't usually help.

I offer Dalnet as an example, and also as an indicator that this is just a script kiddy with only slightly more bots than brains.
 
  • #63


Greg Bernhardt said:
I'm not sure they'd care. DoS attacks are quite common.

To make this day even worse, the FedEx man just put a package under my door handle effectively locking me in. I seriously can't get out of my apartment now. I may have to jump off my 2nd floor balcony.

Jesus Greg... did you piss off a gypsy fortune teller or something?! :wink:

Um... and don't jump, just call a neighbor!
 
  • #64


G01 said:
Seriously though, what has this forum ever done to anybody?

Rumor has it it involves Julian Assange and Anonymous. :wink:
 
  • #65


After using an exhaustive suite of computer forensics tools, I've discovered the cause of the slowdown...

It's all these posts in this thread!
 
  • #66


Greg Bernhardt said:
I'm not sure they'd care. DoS attacks are quite common.

To make this day even worse, the FedEx man just put a package under my door handle effectively locking me in. I seriously can't get out of my apartment now. I may have to jump off my 2nd floor balcony.

Call Fedex and have them send the guy back to untrap you.
 
  • #67


This has escalated into a very serious attack. I appreciate everyone's patience!

Patience and whatever support we can.

That probably means just sitting the miscreants out - So be it.

In particular, Greg, don't take this personally, you are doing a great job with a great site.
 
  • #68


Andre said:
It's a good habit to hit <ctrl A> and <ctrl C> (windows) before clicking 'post reply'.

then when disaster strikes <ctrl V> does the trick, unstriking.

Or if you run Firefox, the "Lazarus" addon saves form information for you as you go so it can be recovered if something happens. I almost never need it, but when I do, it's nice to have. It's pretty annoying typing out a long post and losing it!
 
  • #69


I'm being patient. At this point, though, I'm curious as all heck.
 
  • #70


vela said:
Rumor has it it involves Julian Assange and Anonymous. :wink:

I wish... known targets make life so much easier, and hackers have rivals.

Whoever this is...well... I hope their personal information finds its way into the hands of unscrupulous Turkish or Romanian hackers.
 
